Privacy Policy
Last updated: 11 July 2026
1. Who We Are
SiteCraft Digital Ltd trading as Kyur ("we", "us", "our") is the data controller for personal data collected through the Kyur client portal and related Services. For any privacy-related questions, contact us at christian@kyur.tech.
2. What Data We Collect
We collect only the data necessary to deliver and improve our Services. This includes:
- Account data: name, email address, company name, and password (stored hashed).
- Intake data: information you voluntarily provide via onboarding forms to scope your AI deployment.
- Usage data: anonymised analytics on portal usage to improve the platform.
- Payment data: handled exclusively by our Merchant of Record (Paddle). We do not store full card numbers.
3. Lawful Basis for Processing
We process personal data on the following legal grounds: (a) Contractual necessity - to provide the Services you have requested; (b) Legitimate interests - to maintain security, prevent fraud, and improve our platform; (c) Consent - where explicitly obtained for marketing communications; and (d) Legal obligation - where required by law.
4. How We Use Your Data
Your data is used solely for: delivering the agreed Services; communicating project updates; processing payments via Paddle; maintaining platform security; and complying with legal obligations. We do not sell your personal data to third parties. We do not use your data for unrelated marketing without your explicit consent.
5. Data Sharing & Subprocessors
We engage carefully selected subprocessors to deliver the Services. These include our authentication and database provider, our payment processor (Paddle), and our email delivery service. All subprocessors are contractually bound to process data only on our instructions and to maintain appropriate security measures. A current list of subprocessors is available on request.
6. Data Retention
We retain personal data for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. Upon account closure, we will delete or anonymise your data within ninety (90) days, except where retention is required by law or for legitimate business interests such as fraud prevention.
7. Your Rights
Depending on your jurisdiction, you may have the right to: access your personal data; request correction of inaccurate data; request erasure ("right to be forgotten"); restrict or object to processing; request data portability; and withdraw consent. To exercise any of these rights, contact us at christian@kyur.tech. We will respond within thirty (30) days.
8. Security
We implement appropriate technical and organisational measures to protect your data, including encryption in transit (TLS), encrypted database storage, role-based access controls, and regular security reviews. However, no internet-based system can be guaranteed 100% secure. You are responsible for maintaining the confidentiality of your account credentials.
9. Cookies & Tracking
The Kyur portal uses essential cookies for authentication and session management. We do not use third-party advertising or tracking cookies. Any analytics we collect is anonymised and used solely for platform improvement.
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for legal reasons. Material changes will be communicated via email or through the client portal. Continued use of the Services after changes take effect constitutes acceptance of the revised Policy.